- A total of 4,861 of the 7,962 impacted users have cancelled their permissions.
- The group has unveiled a strategy to make up for the users’ financial losses.
Multichain, a cross-chain router protocol, stated that it had recovered over half of the total stolen cash, which totaled roughly $2.6 million. In addition, the group has unveiled a compensation strategy to make up for the users’ financial losses.
Dedaub, a blockchain security specialist, notified Multichain on Jan. 10 of two vulnerabilities in its liquidity pool and router contracts, which affected eight cryptocurrencies, including wrapped ETH (WETH), wrapped BNB (WBNB), Polygon (MATIC), and Avalanche (AVAX).
Revoke the Approvals
Users were encouraged by the Multichain team a week later to cancel permissions for the vulnerable smart contracts as an emergency damage control measure on Jan. 18. Although the warning notice prompted additional hackers to attempt the attack, damages surpassing $3 million were reported.
It has been claimed that Multichain has solved a vulnerability in the liquidity pool by implementing new contracts for the impacted coins’ liquidity.
The team mentioned:
“However, the risk remains for the users who have yet to revoke approvals for the affected router contracts. Importantly, users themselves have to be the ones to revoke the approvals.”
A total of 4,861 of the 7,962 impacted users have cancelled their permissions as of Feb. 18; the remaining 3,101 addresses had been urged to do the same by Multichain. The team retrieved 912.7984 WETH and 125 AVAX (worth about $2.55 million and $10,000) of the 1,889.6612 WETH and 833.4191 AVAX stolen funds.
